
PagerDuty Integration

An alert fired in Loggly can be sent to PagerDuty, which will then alert the appropriate individual via SMS, phone, email, or iOS push.

 

Step 1. In PagerDuty

1. From the Configuration menu, select Services.

2. On your Services page:

– If you are creating a new service for your integration, click + Add New Service.

 

– If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the + New Integration button.

 

3. Enter a name for the service, select Loggly from the Integration Type menu and enter an Integration Name.

 

If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.

 

4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.

5. Copy the Integration Key for your new integration.

 

Step 2. In Loggly

1. Click the Alerts tab at the top of the Loggly page.

2. Click Add New to create a new alert.

3. Enter the alert name, the criteria for the alert such as a Loggly saved search, and the threshold that determines when you want the alert to fire.

4. In the Then section, click the checkbox to Send to an endpoint.

5. Click Add New to create a new alert endpoint.

6. Select PagerDuty in the dropdown box.

7. Enter the name of the endpoint and a description.

8. In the API Key field, enter the Integration Key you copied from PagerDuty in Step 5 of the PagerDuty section.

9. Press Save to create the endpoint and return to the previous page.

10. For PagerDuty, you can enable the optional setting to auto-resolve the incidents in PagerDuty when the alert condition clears.

11. Click on Save again on this page to save the alert.

Tip: If you want to create additional alerts using the same PagerDuty endpoint, just select the existing endpoint in the dropdown box on Loggly’s Alert setup page.

Step 3. Verify

  1. Click on the name of the alert to edit the configuration.

  2. Set the threshold to something that is guaranteed to fire, such as setting it to < 1.  Save the alert when you’re done.

  3. Wait at least 5 minutes for the alert to run and fire.

  4. Log in to your PagerDuty account.

  5. Click on Services and then select the service that’s used for monitoring Loggly.

  6. You should see that an incident has been triggered.

  7. Now that you have verified that it’s working, go back and reset your threshold criteria to the value you want your alert to fire on.
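To check the copied Integration Key independently of Loggly, the following added example (not Loggly's or PagerDuty's own code) builds a trigger event and a matching resolve event for PagerDuty's Events API v1 generic endpoint; the shared incident key is what lets the resolve close the incident the trigger opened. It assumes the key is accepted by that endpoint and is 32 alphanumeric characters; the environment variable name PD_INTEGRATION_KEY and the incident key are hypothetical.

```python
import json
import os
import re
import urllib.request

# PagerDuty Events API v1 ("Generic API") endpoint.
EVENTS_URL = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
# Assumption: integration keys are 32 alphanumeric characters.
KEY_RE = re.compile(r"^[0-9A-Za-z]{32}$")


def redact(key):
    """Show only the last 4 characters so the key never lands in logs."""
    return "*" * (len(key) - 4) + key[-4:]


def build_event(service_key, event_type, incident_key, description):
    """Build a v1 event; a trigger and its resolve must share incident_key."""
    if not KEY_RE.match(service_key):
        raise ValueError("integration key must be 32 alphanumeric characters")
    if event_type not in ("trigger", "resolve"):
        raise ValueError("event_type must be 'trigger' or 'resolve'")
    return {
        "service_key": service_key,
        "event_type": event_type,
        "incident_key": incident_key,
        "description": description,
    }


def send(event, timeout=10):
    """POST one event to PagerDuty and return the decoded JSON response."""
    req = urllib.request.Request(
        EVENTS_URL,
        data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Hypothetical variable name; read the key from the environment, not from source.
    key = os.environ["PD_INTEGRATION_KEY"]
    print("using key", redact(key))
    incident = "loggly-integration-test"  # constructed sample incident key
    print(send(build_event(key, "trigger", incident, "Test alert (constructed)")))
    print(send(build_event(key, "resolve", incident, "Test alert cleared")))
```

Run as a script, it opens one test incident on the service and then resolves it; nothing is sent when the module is only imported.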

Advanced PagerDuty Configuration Options

  • To resolve incidents automatically in PagerDuty, make sure to enable this option in your PagerDuty Alert: “When alert condition clears, mark the incident as resolved in PagerDuty”
  • To tie together multiple PagerDuty services: once you have two Loggly/Generic API services within PagerDuty, create a new alert within Loggly. When configuring the alert endpoint, use the Service API Key from the second PagerDuty service.

Troubleshooting

If you don’t see any alerts show up, check the following:

  • Verify that the search that would trigger the alert has the required events by searching for them on the search tab.
  • Wait for at least the duration you set as how often the alert runs.
  • Search or post questions in the community forum.